Between increasingly sophisticated cybercriminals and immense pressure to ensure compliance and governance, 2021 is already becoming a minefield. As a result, cybersecurity has risen to the top of the agenda for most organizations.
With that in mind, Sophos research identifies ten cybersecurity misconceptions:
Misconception 1: We are not a target; we are too small and/or have no value to an adversary.
Many victims of cyberattacks believe that they are too small, in an uninteresting sector, or that they do not have the kind of lucrative assets that attract an adversary. The truth is, it doesn't matter: if you have processing power and a digital presence, you're a target.
Misconception 2: We don’t need advanced security technologies installed everywhere.
Some IT teams still believe that endpoint security software is enough to stop all threats and/or that they do not need security for their servers. Attackers make the most of these assumptions. Any error in configuration, patching, or protection makes servers a primary target, not a secondary one, as might have been the case in the past.
Misconception 3: We have strong security policies.
It is essential to have security policies for applications and users. However, they need to be constantly reviewed and updated as new features and functionality are added to devices connected to the network. Verify and test policies using techniques such as penetration testing, tabletop exercises, and trial runs of your disaster recovery plans.
Misconception 4: Remote Desktop Protocol (RDP) servers can be protected from attackers by changing the ports they listen on and introducing multifactor authentication (MFA).
The standard port used for RDP services is 3389, so most attackers will scan this port to find open remote access servers. However, scanning will identify open services regardless of the port they are on, so switching ports offers little or no protection on its own.
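The following added example (not part of the Sophos research) shows why, from the point of view of auditing your own hosts: an RDP listener identifies itself in the first bytes it returns, whatever port it is bound to. The reply bytes and the port 53389 are constructed sample data; the field layout follows the TPKT / X.224 Connection Confirm / RDP Negotiation Response structure documented in MS-RDPBCGR.

```python
import struct

# selectedProtocol values carried in an RDP Negotiation Response (MS-RDPBCGR)
PROTOCOLS = {0: "standard RDP security", 1: "TLS", 2: "CredSSP (NLA)"}

# Constructed sample data: first reply bytes captured from three listeners.
# The same RDP reply appears on the default port and on a moved port.
RDP_CC = bytes.fromhex("03 00 00 13 0e d0 00 00 12 34 00 02 00 08 00 02 00 00 00")
CONSTRUCTED_REPLIES = {3389: RDP_CC, 53389: RDP_CC, 22: b"SSH-2.0-OpenSSH_8.9\r\n"}

def classify_first_response(data: bytes) -> str:
    """Classify a listener's first reply using only the bytes it sent."""
    # TPKT header: version 3, reserved 0, 16-bit big-endian total length
    if len(data) < 11 or data[0] != 0x03 or data[1] != 0x00:
        return "not RDP"
    (tpkt_len,) = struct.unpack(">H", data[2:4])
    if tpkt_len != len(data):
        return "not RDP"
    # X.224 Connection Confirm: length indicator, then code 0xD in the high nibble
    li, code = data[4], data[5]
    if code & 0xF0 != 0xD0 or li != len(data) - 5:
        return "not RDP"
    nego = data[11:]
    if not nego:
        return "RDP (no negotiation data)"
    if len(nego) != 8:
        return "not RDP"
    # Negotiation structure: type, flags, length (LE), 32-bit value (LE)
    msg_type, _flags, length, value = struct.unpack("<BBHI", nego)
    if length != 8:
        return "not RDP"
    if msg_type == 0x02:
        return "RDP, server selected " + PROTOCOLS.get(value, f"protocol {value:#x}")
    if msg_type == 0x03:
        return f"RDP, negotiation failure code {value}"
    return "not RDP"

def audit(replies: dict) -> dict:
    """Map each port to what its reply reveals, ignoring the port number itself."""
    return {port: classify_first_response(data) for port, data in replies.items()}

if __name__ == "__main__":
    for port, verdict in sorted(audit(CONSTRUCTED_REPLIES).items()):
        print(f"port {port}: {verdict}")
```

An exposure audit that only checks port 3389 would miss the second listener; one that classifies by reply content does not.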
Misconception 5: Blocking IP addresses in high-risk regions protects us from attacks from these geographies.
Blocking IPs from specific regions is unlikely to do any harm, but it could give a false sense of security if you rely on it alone for protection. Adversaries host their malicious infrastructure in many countries, with hotspots including the United States, the Netherlands and the rest of Europe.
Misconception 6: Our backups provide immunity against the impact of ransomware.
Maintaining up-to-date backups of documents is critical to business. However, if your backups are connected to the network, they will be within reach of attackers and will be vulnerable to being encrypted, deleted, or disabled in a ransomware attack.
Misconception 7: Our employees understand security.
According to the State of Ransomware 2021, 22% of organizations believe they will be hit by ransomware in the next 12 months because it is difficult to prevent end users from compromising security.
Social engineering tactics such as phishing emails are becoming increasingly difficult to detect. Messages are usually hand-crafted, accurately written, persuasive, and well-targeted. Your employees need to know how to spot suspicious messages and what to do when they receive one. Who should they notify so that other employees can be put on alert?
Misconception 8: Incident response teams can recover my data after a ransomware attack.
This is very unlikely. Attackers now make far fewer mistakes and the encryption process has improved, so it is very rare for responders to find a loophole that can undo the damage. The most modern ransomware also erases automatic backups, such as Windows Volume Shadow Copies, and overwrites the original data stored on the disk, making recovery impossible other than by paying the ransom.
Misconception 9: If we pay the ransom, our data will be recovered after a ransomware attack.
According to the State of Ransomware 2021 survey, an organization that pays the ransom recovers on average two-thirds (65%) of its data. Only 8% recovered all their data and 29% recovered less than half. Paying the ransom, even when it seems like the easiest option and/or is covered by your cybersecurity policy, is therefore not an easy way to recover.
Misconception 10: The release of ransomware is the whole attack; if we survive it, we are fine.
Unfortunately, this is rarely the case. Ransomware is just the point where attackers want you to realize they are there and what they have done.